IDMXUser View Differences

The following sections provide a summary of the differences between
the IDMXUser view, and views defined in Identity Manager.

Identity Manager User View

Top-Level Attributes

Identity Manager User View

IDMXUser View

password

Not applicable

global

Not applicable

update

Not applicable

waveset Attributes

Identity Manager User View

IDMXUser View

waveset.form

sys.form

waveset.id

sys.id

waveset.accountId

accountId (actual attribute name is name assigned in the schema map)

waveset.password

password (actual attribute name is assigned in the schema map)

waveset.email

email (actual name is assigned in the schema map)

waveset.disabled

Not applicable

waveset.roles

roles

waveset.resources

resources

waveset.policies

policy

waveset.applications

applications

waveset.organization

Not applicable

waveset.organizationId

Not applicable

waveset.policies

Not applicable

waveset.adminRoles

Not applicable

waveset.capabilities

Not applicable

waveset.creator

Not applicable

waveset.createDate

Not applicable

waveset.lastModifier

Not applicable

waveset.lastModDate

Not applicable

waveset.backgroundSave

Not applicable

waveset.attributes

Not applicable

waveset.original

Not applicable

waveset.accounts Attributes

Identity Manager User View

IDMXUser View

waveset.accounts

sys.links

waveset.accounts[].resource

sys.links[].resource

waveset.accounts[].id

Not applicable

waveset.accounts[].accountId

sys.links[].identity

waveset.accounts[].accountGUID

sys.links[].guid

waveset.accounts[].accountDisplayName

sys.links[].displayName

waveset.accounts[].tempId

Not applicable

waveset.accounts[].created

sys.links[].created

waveset.accounts[].disabled

sys.links[].disabled

waveset.accounts[].attributes

sys.links[].attributes

waveset.accounts[].password

sys.links[].attributes.password

waveset.accounts[].resourceAttributes

Not applicable

waveset.accounts[].properties

Not applicable

waveset.accounts[].templateParameters

Not applicable

accounts Attributes

Identity Manager User View

IDMXUser View

accounts[]

objects[]

accounts[].identity

objects[].sys.identity

accounts[].UserDefined

objects[].UserDefined

accounts[Lighthouse].firstname

firstname (attribute name assigned in schema map)

accounts[Lighthouse].lastname

lastname (attribute name assigned in schema map)

accounts[Lighthouse].fullname

fullname (attribute name assigned in schema map)

accounts[Lighthouse].UserDefined

UserDefined

accountInfo Attributes

Identity Manager User View

IDMXUser View

accountInfo

info

accountInfo.typeNames

info.resourceTypes

accountInfo.types

Not applicable

accountInfo.accounts

info.objects

accountInfo.accounts[Lighthouse]

info.master

resourceAccounts View

Identity Manager User View

IDMXUser View

selectAll

Not applicable

resourceAccounts.currentResourceAccounts

objects

resourceAccounts.tobeCreatedResourceAccounts

info.objects

resourceAccounts.tobeDeletedResourceAccounts

info.objects

resourceAccounts.currentResourceAccounts[].attributes

objects[]

resourceAccounts.currentResourceAccounts[].selected

Not applicable

Note –

The mappings for info.objects are functionally
similar to their resource accounts views counterparts, but they are not structurally
similar.

In general, in Identity Manager, the resource accounts views operate
by setting the selected attribute in the currentResourceAccounts list to true, which will then have different
behavior for each view type.

In Service Provider, accounts are not selected with a boolean attribute.
Instead, each operation has an action attribute that is
initially null, and when set, triggers the operation.

All resource accounts views provide a way to update arbitrary account
attributes in addition to performing an operation.

Most allow attributes to be placed in:

resourceAccounts.currentResourceAccounts[].attributes

The Rename view uses:

accounts[]

In the IDMXUser view, you always place attributes you want to modify
in:

objects[]

password View

The desired password is simply set in the following attributes:

password
objects[].password

There is no automatic synchronization of passwords from the top level
password attribute to the password attribute
on the individual resource accounts. To pre-expire the password, set the following
attributes:

sys.expirePassword
objects[].sys.expirePassword

Disable and Enable Views

In Identity Manager, accounts are enabled or disabled by checking out
the Enable or Disable view and setting the value of

resourceAccounts.currentResourceAccounts[].selected to
true.

In the IDMXUser view, you set the following action attributes to true or false.

sys.disable
objects[].sys.disable

Rename View

In the Identity Manager Rename view, the new name is specified in the
top-level field newAccountId, which is then propagated
to those resource accounts selected in the currentResourceAccounts list.
In the IDMXUser view, renames are requested by setting the following attributes
to the desired identity, which for LDAP resources must be the full DN.

sys.newIdentity
objects[].sys.newIdentity

Deprovision View

The Identity Manager deprovision view has a complex structure designed
for use with interactive forms. The three operations that may be requested
through this view are:

unassign. Removes the assignment and deletes the
account.

unlink. Removes the account link without deleting.

delete. Deletes the account, but leave the assignment.

In the IDMXUser view, you perform an unassign simply by removing a name
from the roles, resources, or applications lists.

To perform an unlink, you may remove an object from the sys.links list,
or set the following action attribute to true:

objects[].sys.unlink

To perform a delete without unassigning set the following command attribute
to true.